Headline
GHSA-vp56-r7qv-783v: ahh vulnerable to Path Traversal
Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
ahh vulnerable to Path Traversal
Moderate severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 30, 2022
Related news
CVE-2020-36559: #266 addressing path traversal issue on static file delivery by jeevatkm · Pull Request #267 · go-aah/aah
Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.